ATMs found to be easily hacked in minutes because they run on Windows

By just drilling a hole in a cash machine, you can have access to loads and loads of moolah – within minutes. A security expert with cyber company Positive Technologies, Leigh-Anne Galloway, said that since most automated teller machines (ATMs) are basically Windows XP computers that connect to a vault, it can be so easy to get hold of what’s inside them. Sometimes, it even takes five minutes or less to do that.

In an interview with BBC News, Galloway relayed how drilling a hole in the front section of the machine (near the keypad) can give a thief access to a universal serial bus (USB) cable that can be tampered with to make the machine dispense money.

“It’s just a safe with a computer on top,” Galloway said, establishing that since this is the case, it can be vulnerable to other risks like physical manipulation. Barring that, cash machines usually run on outdated Windows XP software, so even if a hacker finds it difficult to saw through a particularly well-built cash machine, he would still be able to access the money via electronic means, if he is a hacker worth his salt.

“You could put malware on this system that could collect data from cards as well. So, that would be information that’s held on our cards as well. If I as a consumer was using this machine, it could collect my card data. And that could spread around the whole network of ATMs,” Galloway said.

Experts said that in order for you not to have your money stolen by shady individuals, you should only withdraw money from ATMs that are protected by security surveillance cameras and, as much as possible, those that are inside banks.

Duluth, Georgia-based ATM maker NCR said banks should invest in high-security cash machines that would be impenetrable to cyber criminals. “ATM security threats are becoming more complex and sophisticated, and thus securing one’s infrastructure and end-points is a never-ending task. Banks, as ATM deployers, must make security a high priority and stay current with all security defenses, operating system upgrades, and industry recommendation,” they said.

In 2016, cash machines across a dozen countries in Europe and Asia such as Pakistan, Thailand, and Taiwan were manipulated and ransacked by cyber criminals. Hackers have reportedly upgraded to going inside banking and electronic payment networks from merely stealing payment card numbers and online banking credentials.

Cyber-offenders to undergo rehab

The National Crime Agency, in an effort to set hackers on the right path, have began putting them in “rehab camps” starting this July. The first of these camps happened in Bristol, England. The attendees of the camp, who were mostly juvenile delinquents, were informed about how they can use their hacking skills in a responsible way, and were informed of various career choices and opportunities in computer and cyber security.

Among the crimes of the said hackers were vandalizing websites, crippling online servers, and infiltrating restricted networks, including banks and financial institutions. However, sometimes hackers just commit crime for the sake of what they think is “silly and fun”, like breaking into their school’s network, changing the passwords of their teachers and school officials, creating fake messages, “and then it gets to the point that you realize you shouldn’t carry on”.